Bcrypt vs Hash in Laravel


Solution 1

Your second option isn't bcrypt. Laravel's Crypt class uses AES encryption.
As stated in the documentation:

Laravel provides facilities for strong AES encryption via the Mcrypt PHP extension.

As far as I can tell you don't need to be able to decrypt the data, to reverse the encryption. Therefore you should definitely use a hashing algorithm like sha256 in your first option. However, Laravel ships with a pretty good hashing class already, so why not use that?

Option 3 (Laravel Hash, Bcrypt)

    $hash = Hash::make('secret');

    $input = 'secret';
    if (Hash::check($input, $hash)) {
        // the input matches the secret
    }

Note that you have to use Hash::check() for comparing. You can't just create another hash with Hash::make() and compare them. The generated hash contains a random component, so even if it's the same secret, Hash::make() will produce a different hash every time.

Hashing - Laravel docs
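
A plain-PHP sketch of the check described in Solution 1, added here as an illustration and not part of the original answers or of Laravel's code. Laravel's bcrypt Hash driver wraps PHP's password_hash() and password_verify(), which are called directly; authorizeCronRequest, the `key` parameter name and the sample secret are assumptions made for the example.

```php
<?php
// Added example, not from the original answers. Laravel's bcrypt Hash
// driver wraps PHP's password_hash() / password_verify(), used directly here.

// Constructed sample secret; a real one would come from configuration.
const SAMPLE_SECRET = 'constructed-sample-secret';

/** Run once at setup; only the resulting hash is stored. */
function makeStoredHash(string $secret): string
{
    return password_hash($secret, PASSWORD_BCRYPT, ['cost' => 10]);
}

/** Mistaken check: re-hash the input and compare. Each hash gets a fresh salt. */
function rehashAndCompare(string $input, string $storedHash): bool
{
    return hash_equals($storedHash, makeStoredHash($input));
}

/**
 * Hypothetical guard for the cron-triggered page: $query stands in for $_GET.
 * Rejects a missing or non-string key before verifying it.
 */
function authorizeCronRequest(array $query, string $storedHash): bool
{
    $key = $query['key'] ?? null;
    if (!is_string($key) || $key === '') {
        return false;
    }
    // password_verify() reads the cost and salt out of $storedHash.
    return password_verify($key, $storedHash);
}

$stored = makeStoredHash(SAMPLE_SECRET);

$cases = [
    'two hashes of the same secret are identical' => $stored === makeStoredHash(SAMPLE_SECRET),
    'rehash-and-compare accepts the right secret' => rehashAndCompare(SAMPLE_SECRET, $stored),
    'verify accepts the right secret' => authorizeCronRequest(['key' => SAMPLE_SECRET], $stored),
    'verify accepts a wrong secret' => authorizeCronRequest(['key' => 'wrong-guess'], $stored),
    'verify accepts a missing key' => authorizeCronRequest([], $stored),
    'verify accepts an array key' => authorizeCronRequest(['key' => ['x']], $stored),
];

foreach ($cases as $label => $result) {
    printf("%-45s %s\n", $label, $result ? 'yes' : 'no');
}
```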

Solution 2

If you never need to decrypt the key for further use, the first option is better.

If you need to get the key back after it's been encrypted, the second option will be better.

Author by

Dees Oomens

Web developer from The Netherlands.

Updated on April 19, 2020

Comments

  • Dees Oomens
    Dees Oomens about 4 years

    I want to create a function or something like a Cron that executes a link (in Laravel), with something like a password. I've got two solutions. But which one is better to use:

    Option 1 (hash):

    <?php
    
    // Page 1
    
    $salt = "my-random-hash";
    $key = hash('sha256', date('Y-m-d').$salt);
    
    // <-- Insert go to page and send GET with $key code here
    
    // Page 2
    
    $salt = "my-random-hash";
    $key = hash('sha256', date('Y-m-d').$salt);
    
    if ($key == $pageOneKey) {
        // Execute some code
    }
    

    Option 2 (bcrypt):

    <?php
    
    // Page 1
    
    $key = Crypt::encrypt(date('Y-m-d'));
    
    // <-- Insert go to page and send GET with $key code here
    
    // Page 2
    
    $key = date('Y-m-d');
    $pageOneKey = Crypt::decrypt($key);
    
    if ($key == $pageOneKey) {
        // Execute some code
    }
    

    This code has been described broadly. By "better to use" I mean safer / more secure, or something along those lines. Thanks!